Microsoft makes web identity systems open source, interoperable

Microsoft has announced a series of initiatives that will open up its web
…

Microsoft has announced a series of initiatives intended to make its web identity management frameworks more interoperable with products from other vendors. In addition to making the WS-Trust and WS-SecureConversation web services made available under the Open Specification Promise (OSP) back in September, Microsoft has now also made the Identity Selector Interoperability Profile available under the OSP as well as starting up four open-source projects to help web site operators make their sites identity-aware. The OSP is an irrevocable promise by Microsoft not to sue over any patent-related violations (what Microsoft calls "Necessary Claims").

The four open-source projects will be hosted on Sourceforge as well as Rubyforge and will implement "information cards" that web site operators can use to help identify users in a variety of formats including Java, Tomcat (for IBM WebSphere servers), Ruby on Rails, PHP, and a generic C library.

The concept of web identity involves three participants: the user/customer, the web site owner, and a third party that holds information that can verify the user's identity. The services and projects Microsoft has announced are intended to improve interoperability between all three components of a web-based identity system.

"Our customers expect us to enable interoperability between Microsoft-based solutions, as well as across other platforms and technologies. For this reason, we take a very pragmatic, customer-centric view of interoperability," said Bob Muglia, senior vice president of the Server and Tools Business at Microsoft. "Addressing the effective exchange of identity information is a perfect example of how we look at interoperability holistically in order to meet a critical customer need."

The move represents the continuing shift in Microsoft's approach to web services. Years ago, Microsoft announced an online identity manager called Hailstorm that would run on Microsoft's servers. Businesses were cool to the idea, and today it survives only on Microsoft-owned services such as Hotmail and Windows Live Messenger. More recently, Microsoft announced that it would be shipping the identity manager InfoCard as a part of Windows Vista. InfoCard was later renamed Windows CardSpace and is available on Vista as well as a free download for XP SP2 and Windows Server 2003 R2. Windows CardSpace works as an "Identity Selector," allowing users to view visual Information Cards that represent their digital online identities.

Does this mean that Microsoft is opening up CardSpace? A Microsoft spokesperson told Ars that while CardSpace itself is not being open-sourced, it is possible for other vendors to create their own CardSpace-compatible Identity Selectors. Such compatible projects have already been demonstrated by IBM's open-source Higgins project as well as Novell's Bandit. It appears as if Microsoft is admitting that in the world of the web, collaboration and interoperability tend to win over proprietary, single-sourced solutions.